Yesterday came more bad news for embattled vote counting rigging machine manufacturer Diebold. On Monday, Diebold CEO Walden O’Dell unexpectedly resigned due “personal reasons,” one day before a securities fraud class action suit was filed against him, Diebold, and seven other current and former officers. (RawStory has more details on the company’s woes from Diebold insider “Dieb-Throat.”)
Well, now comes word from Black Box Voting that a major security flaw has prompted Leon County Florida supervisor of elections Ion Sancho to announce that he will never again use Diebold in an election, and will request funds to replace the Diebold system in his county.
A test election was run in Leon County on Tuesday with a total of eight ballots. Six ballots voted “no” on a ballot question as to whether Diebold voting machines can be hacked or not. Two ballots, cast by Dr. Herbert Thompson and by Harri Hursti voted “yes” indicating a belief that the Diebold machines could be hacked.
At the beginning of the test election the memory card programmed by Harri Hursti was inserted into an Optical Scan Diebold voting machine. A “zero report” was run indicating zero votes on the memory card. In fact, however, Hursti had pre-loaded the memory card with plus and minus votes.
The eight ballots were run through the optical scan machine. The standard Diebold-supplied “ender card” was run through as is normal procedure ending the election. A results tape was run from the voting machine.
Correct results should have been: Yes:2 ; No:6
However, just as Hursti had planned, the results tape read: Yes:7 ; No:1
The results were then uploaded from the optical scan voting machine into the GEMS central tabulator, a step cited by Diebold as a protection against memory card hacking. The central tabulator is the “mother ship” that pulls in all votes from voting machines. However, the GEMS central tabulator failed to notice that the voting machines had been hacked.
The results in the central tabulator read:Yes:7 ; No:1
Of course, the fact that a system can be hacked, doesn’t mean it has been hacked. It should be noted that while this is exactly the same type of Diebold system used in King County and throughout much of WA state, our state’s electoral integrity survived the most grueling and definitive test of all: the 2004 gubernatorial hand recount. Apart from the ballots legally added between tabulations, the difference between the hand and machine counts was statistically insignificant, proving that there was no manipulation of the data coming from the optical scanners or the GEMS central tabulator.
Curiously, one of the election “reforms” pushed by WA state Republicans is to remove hand recounts from our election procedures, thus eliminating the most definitive check on our automated vote tabulation systems. Hmmm.
The lesson that should be learned from all this is that the franchise is simply too valuable to trust to proprietary software from a private corporation. The only way to assure the integrity of our vote tabulation system is to move towards one based on open source software.
Open source software? I thought those were dirty words in this neck of the woods.
goldy, don’t fret…
Your gang will figure out a way to rig this the way you’ve rigged the regular system…
righton you are the SOREST loser I’ve ever met. Get over it. Theres no evidence beyond wishful thinking that the WA elections were rigged at all (And what does it say about the rightie trolls that they want the election to have been rigged?) Whys it so inconceivable to you guys that your person would lose?
The only way to assure the integrity of our vote tabulation system is to move towards one based on open source software.
Hear hear!
Windie
a) why no reforms?
b) why 1 party (dem) insistence things are ok
c) why 1 party (dem) plan to only use absentee
d) why 1 party (dem) circular logic that you can’t prove illegal voters but nobody can hunt for them
Go read Orwell, and then replay Logan speaking, and you’ll see what we are saying.
You’ve got to be kidding. No one who has an IQ equal to their shoe size could trust these republican assholes. Exit polls in Ohio had the Democratic Presidential candidate running WELL AHEAD of Baby Bush. Then all of a sudden we get the numbers from the republican controlled machines and Monkey Face wins. Every REAL American should storm the offices of this place and hold them accountable for the theft of American democracy. Hell Iraq has a better chance of getting an honest election than we do!
righton (WrongOne): Cheer up sore loser. Have a Frothing Wingnut.
I’d go open source!
Seriously the one place we need 100% transparency is in our elections system.
I’d go so far as to say being against transparency in elections is pro-election fraud.
link
righton: No reforms? Where have you been the last year?
And answer the question: Why do you want there to have been fraud?
The Rightie world simply isn’t reality-based. Its kinda scary
FTC, those tasty?
I think what makes righton and others mad is that King county seems to run everything in the state. There doesn’t seem to be many voices heard other than those leaning left.
But that’s just one person’s opinion. Opinions are like buttholes: everyone has one, and they all stink!
PS To righton and others:
We’re talking about reform here. ie, talking about making the voting system more secure.
5 – so absurd it’s hardly worth commenting on.
a) felon database, improved KC procedures
b) Sims election reform panel, Bob Ferguson, nobody is saying things can’t be improved.
c) Silly. More details please.
d) hunt all you want but play fair.
lib@12
Yer right to some degree, the cascadia megalopolis (often defined as Vancouver BC-Portland, but lets just say Marysville-Everett-Seattle-Tacoma-Olympia) has huge amounts of power in the state, but thats only population (and common sense). If Seattle/Everett/Tacoma leaned far right, we wouldn’t be hearing one WHIT of complaint out of him.
windie;
Having the entrenched Dems tell us the system is fine, is near proof it ain’t.
Why no bi-partisan work?
@16
I’d swear there was bipartisan work over the last year. I see you’re ignoring FTC’s post, so I’ll repost it.
a) felon database, improved KC procedures
b) Sims election reform panel, Bob Ferguson, nobody is saying things can’t be improved.
c) Silly. More details please.
d) hunt all you want but play fair.
Hope that answers your questions.
I just get this feeling that you think the only fair election is one that you won. You have to know how crazy that seems.
(PS; damn, but I’m posting alot on this thread… I think I’m almost 50%!)
Open source software would make it easier to hack, sine the hackers can target the specific software being able to see its code.
having propriatary software has not transparency, but does have security
There may be some way to secure it and still keep it open source, but i will leave that to software geniuses. Somewhere there has to be a balance.
WrongOne: the KC Council Republicans grill Logan every time he appears and I see Logan taking their concerns seriously that is if they’re halfway rational, e.g. Steve “heads roll” Hammond.
Logan claims the system is transparent. Participate and prove he’s wrong. Put up or shut up.
Question to all:
The Election Task Force recommended a turnarond team, which Sims has not hired yet.
Should he?
A citizens oversight committee says no.
What say you? Should they follow the Task Force recommendation or the citizens committee?
Also, the same committee is discussing an elected Elections Auditor, as opposed to an appopinted one.
Good or bad idea?
clueless
Then stop hassling us for chasing the dwarf mailbox people…
sven: you could make it semi-open.
Certainly the counties (and the state) should have access to the code. There are also various things you can do with encryptation and such. Its by no means an insoluble problem.
Open source software would make it easier to hack, sine the hackers can target the specific software being able to see its code.
One of the principles of OSS is “with enough eyes, all bugs are shallow”. The most serious “bug” in an election tabulation system is weak security. With enough “eyes” the problem can be managed.
We heard a lot about transparency in the election contest. Transparency should extend to the software as well.
righton: unfortunately the GOP has shown an inability to act in good faith (ie the last minute perjorious ‘challenges’). There is a right way and a wrong way to deal with those problematic registrations, and your people purposely chose the worst way.
Then stop hassling us for chasing the dwarf mailbox people…
You left out “in democrat concentrated areas a few days before an election for propaganda and vote-suppression motives.”
Righton @ 16: Entrenched? What about the REPUBLICAN S.o.S? Why is he not screaming from the rooftops about the fraud?
And, as you well know, bi-partisan is whiny code for “we’re not in power and we want u to cooperate with us”. Well, if the national GOP has shown us anything, it’s that they think the appropriate response to that is STFU, or I’ll call you a traitor. In other words, maybe the state Democratic politicians would be a little more receptive to bi-partisanship if you could show that it might be a two way street. Otherwise, see the previous definition.
Finally, crisis, what crisis? Bi-patisan action might be a valid call if u could show an idependent review that our state election system needs a major overhaul. I’ve not seen anyone but the state GOP and a few individuals that seem to be overly concerned about it. And, the Dems don’t seem to be concerned that massive voter fraud would get them elected. Hmmmm, could it be that this is all smoke and no fire.
If the code is open there is no security and a good programmer can learn how to hook the system cant they? Not only would all bugs be easier to find, but ways to manipulate the design processes can be devised.
Embarassing mistake in last post. Should be “un-elected” in 2nd to last sentence
sven:
ask these guys
http://en.wikipedia.org/wiki/T.....ogy_Manual
a LOT of work goes into security for open source projects
LIbbs…
You guys sound like Area 51 goofballs when you think some Diebold fraud thing is costing you elections.
REally, worse than our suspiscions of Sims…
@30
Well, really, we’ll saying there should be protections… for everyones sake. A more transparent election system is better for everyone.
off topic…..but i thought you moonbats and conspiracy fans would like to know that paul berendt has admitted that the anti christian “flaming fish” with hypocrite on it WAS ON THE DEMS WEBSITE.
so all of you that insisted it was a photo shop job can line up and apologize and ….while i’m asking, why don’t you explain why it was okay for it to be there in the first place????
or better yet why don’t you put your mouths where they usually aren’t and take this opportunity to slam the state dem party for their religious intolerance?
Sven: Sorr to say, no. Open Source does not mean less secure. This guy knows more about computer security than either one of us, so read his argument:
http://www.schneier.com/blog/a.....m_wit.html
Money quote: “Software used on DRE machines must be open to public scrutiny. This also has two functions. One, it allows any interested party to examine the software and find bugs, which can then be corrected. This public analysis improves security. And two, it increases public confidence in the voting process. If the software is public, no one can insinuate that the voting system has unfairness built into the code. (Companies that make these machines regularly argue that they need to keep their software secret for security reasons. Don’t believe them. In this instance, secrecy has nothing to do with security.)”
MY 2 cents worth: Not only does electronic voting have to work properly, the public has to be able to verify that it has worked properly. Lack of confidence in the election system in this country is what is causing us to have these discussions!
@31
I agree and the sooner King County get there, the sooner we will be happy!
Sven @18,
Um… I guess that’s why I’m typing this on my virus-free, Mac with an OS built on an open source unix kernel, instead of on a notoriusly insecure, virus-ridden proprietary Windows system?
Larry the Urbanite,
That’s the crux of the complaints: The re-counts in KC kept coming up with more votes for Gregoire. That’s what’s got a lot of Rossi supporters mad.
Maybe we can have the next election with the electronic counting and proper public scrutiny so as to avoid all these bad feeling 13 months after the election. I’ll keep my fingers crossed!
The King County Canvassing Board looked at the same 8 ballots and determined that there were 10 yes and 2 no, as well as 1,800 voters disenfranchised by the Republican Party.
I don’t think open-source software is the solution, though it’s clearly a big step up from Diebold and its proprietary ilk.
No, I’m ever more convinced that the solution is paper. Count the paper ballots right at the polling place, right out in public, with anyone and everyone allowed to watch closely. When finished, announce the precinct results out loud for all to hear, then call them in to the next higher level for accumulation, receiving confirmation of counts. At that next level, do the summation right out in public, perhaps on an Excel spreadsheet connected to an LCD projector so that anyone and everyone can watch the results and check them against the precinct totals. Repeat as necessary at higher jurisdictional levels.
Do similar stuff with the absentee ballots … validate as legitimate, separate by precinct, then tally up through the levels as before.
Especially in WA, with its great (over?) emphasis on absentees, there’s absolutely no point in getting “immediate” results. The TV stations and newspapers can just wait a few days to get answers … the country won’t collapse if it takes a bit of time to know who won.
Paper, paper, paper. Audit trail, audit trail, audit trail. And take the time to get it counted right.
Note: this doesn’t address the GOP war on voting rights. That’s an entirely separate issue.
Goldy’s idea of having an online system that helps the voter create a ballot that the voter prints and turns in is wonderful. It stops all of the nonsense of voter intent, it would standardize the entire state and stop all voter intent issues with different standards being applied across the state. If you take it one step further and have that online system check the voter’s registration before the voter can make the ballot, and one step further to have the system assign a specific control number to the ballot that is linked to the voter, you would stop double voting and registration problems too. The control number could be printed on the county vote totals and the numbers would have to match. If the control numbers are linked to the voter, voters could also check online to find out if their ballot was counted.
We have way too much technology for this craziness all over America to continue in the way that it is.
Goldy,
Sorry about the mac. I always appreciat eht eirony, by the way, of the worlds most propriatary computer company reveling open source software.
:)
I have been running windows for 14 years, and never been virused. Not once.
I maintain that by being aware and secure. But that’s me. To each their own.
And I dont think elections should have to be any less safe or secure, and people should be just as alert and aware..
That said I appreciate the information on open source. It is food for thought.
Reposting:
Question to all:
The Election Task Force recommended a turnarond team, which Sims has not hired yet.
Should he?
A citizens oversight committee says no.
What say you? Should they follow the Task Force recommendation or the citizens committee?
Also, the same committee is discussing an elected Elections Auditor, as opposed to an appointed one.
Good or bad idea?
Sven
Sounds like stall tactic to me….you or i could have done this 12 months ago
I’m a bit uncomfortable with an elected auditor… Makes it more likely to get a political choice, which is bad, again, for both sides.
As to the other question, I dunno… seems like a wash. They’re already reforming the process and its working. Not sure what more another committee could accomplish…
Sven,
The turn around team is a waste of money. Over the past 4 or 5 years there has been several reviews, committee, even one by the Secretary of State’s Office. Most of their recommendations were NOT followed. Sam Reed proposed many changes last year, the legislature passed them and more. Sam Reed is announcing another change package for this year. Laws and rules are worthless without enforcement. The problem isn’t the poor workers in KCRE who go to work, bust their butts, and follow orders. The problem is the leadership! The problem is the systems, the training, the missing checks and balances and the systemic processes.
windie you FOOL! sez:
“I’m a bit uncomfortable with an elected auditor… Makes it more likely to get a political choice, which is bad, again, for both sides.”
So 38 other County’s have it wrong….but once again KingCo is on the F*CKING CUTTING EDGE of honesty & integrity????
You CLOWN! Sims APPOINTS Logan and you have NO PROBLEM with that???? Rather than an Auditor who has to stand up to the voters and defend their record every 4 years????
windie….you give STUCKONSTOOPID a bad name!
hey cynical. Take a valium.
Seriously.
sven @ 20
The Election Task Force recommended a turnarond team, which Sims has not hired yet.
On the conrtary, it seems that he has.
I think my thoughts on an elected official, is that at least you have accountability. Right now, the accusation is being bruted that he is just Sims’s buddy, and as long as Sims is elected, he stays in position. (i have no position on that accusation)
An elected auditor can take his chances against critics based on an election.
And since King is the only county without one, one wonders why?
For clarity, all other Counties are administered by the County Auditor, an elected position. In King County, they are run by the Record, Elections and Licensings Division, and the post of Director of that division is an appointed position.
Windi@10….
Wasn’t one of those recommended reforms that Dean Logan was supposed to step down and/or away for a period of time?
Sven @ 20
Also, the same committee is discussing an elected Elections Auditor, as opposed to an appopinted one.
“Discussing?” If only we knew how that discussion went. Wait, the king County Council has the final report of the KEOC linked on its site! Turns out (warning: PDF format) that they had NO recommendations on this matter, but merely developed “a list of pros and cons” around the issue.
The final report body contains only a statement that “most” counties have elected Auditors, and that:
a) the KC charter assigns elections operations to the office of the County Executive
b) the King County Council must confirm appointments of Elections administrators
Looks like we’d need to amend the KC Charter to change this.
answer my question at 10 prr, before I answer yours :P
The Independent Task Force on Elections, appointed by Sims, had urged him to hire an outside team that would shake up management of the troubled Records, Elections and Licensing Services Division.
Sims vowed to follow the task-force recommendations but “wasn’t able” to hire a consulting team in time for the September primary, as he had “hoped”.
46, not quite, but yes.
he has selected a team, but is awaiting authorization of funds from the council, who is considering the funding.
Part of their reported misgivings of the council stem from the Citizens advisory opposition. 850k was set aside for the team, but they need an additional 500k. If the Council denies it, the team contract is off.
I misread (and subsequently misstated) a portion of that.
Sims is indeed trying to hire one. He was given that recommendation in July, and submitted the contract in late October. He has stated his intention to follow that recommendation.
Just giving credit where due.
What makes me curious is the breadth of the opposition.
http://seattletimes.nwsource.c.....nd14m.html
Why?
It’s a leading question that you hope will make Governor Elect Gregoires temporary position legitimate.
It’s not
Open source, LINUX, 10 shades of UNIX, Windows- what does it matter when the Elections Office can manipulate the vote count to favor their Fraudoire candidates?
I think the complaints against organized or institutional fraud are pointless, and baseless. So far there has not been any evidence of manipulation.
Accusations against a system that allows spurious registration and allow voters to either commit mistakes leading to unlawful votes, or commit actual fraud however, may have substantive basis in fact.
The only complaint I have about the elections officials is that they may or may not have enforced existing laws. The problem is that many of the laws are ambiguous and impossible to enforce, or are subject to so much interpretation, that they cannot be enforced consitently.
Thats why I support any reform that provides positive verification of legitimacy, and or consistent application of standards to ensure fairness and integrity.
49,
Should we then? Is it an idea that has merit?
I said discussing, by the way, on purpose as I knew they had discussed it, but did not issue a recommendation.
Comment by Sven— 12/14/05 @ 11:25 am
“Open source software would make it easier to hack, sine the hackers can target the specific software being able to see its code.
having propriatary software has not transparency, but does have security”
Security through obscurity has been proven to be a poor approach. No software is hack proof. Open source software would only make the election process transparent to those who can (or want to bother to) read the source code.
I think this is another of Goldy’s phony crusades to attempt to cast doubt on the legitimacy of Bush’s victory in 2004. Goldy’s supposedly a software developer, he should know that using open source software instead of proprietary software adds little or no transparency to the election process for the average person.
I have to agree with Roger on this issue, I think we need paper ballots with the proper controls and audit trail.
prr @ 51
The Independent Task Force on Elections urged Sims to hire a turnaround team (in July 2002), the RFQ was created, submitted, and approved by the KC Council, and the team was hired by October 31 2005. By goverment (or even many private) standards, that was moving pretty fast, I’d say.
prr @ 52
you hope will make Governor Elect Gregoires temporary position legitimate.
It’s not
You should really talk to the Secretary of State more often. He seems to think it IS.
Me @ 57
That was July 2005!!
daddy @ 59
LOL
I was gonna say….2002 to 2005 *is* fast by government standards……
Glad ya clarified that.
;)
sven
If I could type I’d be dangerous…
Conservaqtive first @ 56 (and other paper trail people:
Sigh. If anyone had bothered to read the reference to a computer security expert’s analyis of this issuse (see post 32 above), you’d have seen his TWO major recommendations are 1) Paper trail and 2) open source. Here’s what he says about paper:
” DRE machines must have a voter-verifiable paper audit trails (sometimes called a voter-verified paper ballot). This is a paper ballot printed out by the voting machine, which the voter is allowed to look at and verify. He doesn’t take it home with him. Either he looks at it on the machine behind a glass screen, or he takes the paper and puts it into a ballot box. The point of this is twofold. One, it allows the voter to confirm that his vote was recorded in the manner he intended. And two, it provides the mechanism for a recount if there are problems with the machine.”
I realize we all have opinions here, but I’m pretty sure that none of us are in the business of computer security. This guy is. Go read the article.
BTW: The link I provided is, as far as I can tell, partisan-nuetral.
you and me both, brother….
“No member of the Citizens’ Election Oversight Committee spoke in support of the turnaround-team concept, which was the central recommendation of a separate election task force in July.”
“The resounding rejection will likely heighten misgivings among County Council members, who this week delayed action on County Executive Ron Sims’ request for $500,000 for a turnaround contract. An additional $850,000 has already been set aside for the contract for which Sims has chosen Waldron & Co. of Seattle.”
Check it out in today’s Seattle Times
make your own link seattletimes.nwsource.com/html/politics/2002682382_turnaround14m.html
Conservative first @56: You mention that open source does nothing for the average person. Au contraire, mon frere. Open source allows the average person to get an independent analyis of the code from a trusted news outlet, whether that’s his national party, newspaper, activist organization, etc.
Larry, seems we have reports about that now dont we, hence the topic on hand.
There needs to be a scrutiny and audit, but that does not necessarily have to entail requiring a company to publish the source code, only that they supply it to the auditors.
And since when is a news outlet always a trusted news source?
How many here would trust, for example only, if Fox News published a report about election software?
Sven,
As an example of what I said,
Before the Nov 04 election, various PAC’s and groups were “getting out the vote” both Democrat and Republican. They were getting tens of thousands of voters to register. They didn’t care if voters were already registered. Then they dropped all of these thousands of voter registration cards in KCRE’s lap. Because there were so many and the workers were overwhelmed, they removed one of the internal steps in processing the registrations, the check to see if that person was already registered. That created well over 10,000 double voters. Logan said that they removed 10,000 double voters before the primary this year. And, Bobbie Egan (I think) said that a bi majority of those registrations had numerous mistakes on them, including many of them not being signed. For every one of those registrations not signed, KCRE has to send a letter asking for a signature. The sheer volume of the workload, the removal of the system check, created lots of errors and more work.
Further complicating that was the fact that the workers were trying to do all of this on a new system that they weren’t used to and didn’t have adequate training on.
To add insult to injury, the workers were vilified by Democrats when Gregoire was losing, Republicans when Rossi was losing, and the press and voters around the state constantly.
Fielding a new computer system and removing checks and balances in the system to try and accomplish the job, created errors, increased worker frustration and put the organization into chaos during a Federal election year when everyone was stirred up because of Pres Bush, which raised the turnout a lot.
Those are leadership/manager decisions.
Slightly off topic but I have decided we need to mount a war on Christmas. Christmas almost certainly poses a threat to the USA. Christmas has been seen loitering in Africa looking for Yellow Cake for its WMD program. Christmas even was spotted trying to kill its own people, er deer!
C-1st, that was me you were agreeing with. As best I can tell, Roger hasn’t commented on this thread.
Roger or me, though, it’s still a shock to see you on the same side.
I see Goldy has avoided the follow-up on the I HATE-CHRISTIANS Washington State Democratic Party Hypocrite Fish Magnet caper:
This was in TODAY’S Seattle Times:
“State Democratic Party Chairman Paul Berendt said he first found out about the hypocrite fish posting on Friday when someone from KIRO radio called to ask him to go on the air to give an explanation.
“The moment I became aware of it, I insisted it be taken down,” Berendt said Tuesday. “I’m sorry if anyone was offended. It’s embarrassing.”
Berendt said the item had not been “properly vetted” and was on the Web site for less than 48 hours. He said the party didn’t even have any of the magnets in stock.
“We didn’t sell any of them, and we’re not going to,” he said.
State Rep. Doug Ericksen, R-Bellingham, put out a news release Tuesday criticizing the Democrats for posting what he described as an “anti-Christian” symbol.
“It’s just amazing that they have people sitting in their office who think that way,” Ericksen said. “You would never see anything on a Republican Web site demeaning Judaism or the Islamic faith.”
The fish magnet is copyrighted by a Mount Vernon company called Reefer Magnets. The company mostly sells magnets with pro-marijuana messages such as “Hemp is Patriotic” and “Jesus is coming, roll another joint.”
Berendt said he wasn’t sure what the fish symbol is supposed to mean but said he thinks it is aimed at “people who claim to be pro-life but are for the death penalty.”
To all you LEFTIST PINHEADED CLOWNS who immediately put forth that it was some Vast Right-wing Conspiracy that some neo-con hacked into the Democratic Party website and planted that CHRISTIAN-HATING FISH MAGNET, all I can say to you is
PHHHHHHHHHHHHHHHTTTTTTTTTTTTTTTT!!!
You CLOWNS are vicious, intolerant, hate diversity and are mean too!
Cynical, it’s Goldy’s blog. If he doesn’t want to write about something, he doesn’t write about it. If you’re so hot on that dumb (and removed immediately) product, create your own damn blog and write about it to your heart’s content.
PS. to Cynical: I much prefer this magnet, which I actually saw on a car a few weeks ago.
Nin @ 74—
Ooooooooooooooooooooooooooo! A bit testy about this faux pas, aren’t we Nin. No one believes Berendt’s lying explanation even a little teeny bit.
Berendt is sorry all right…sorry he got caught.
I have some friends who are very active State Democrats, Christians and mighty ticked off….at both Berendt’s act and even more so at his lame-ass explanation. No more time or money until they get the straight answer on this one. Tolerance and Diversity….My ASS!
Nin–
Testy, aren’t you!!
No one believe’s the lying snakes excuse either.
There were 566 ballots LEGALLY added in King County — absentee ballots that King County Elections had failed to process properly, when they failed to check signatures on them and rejected them without even notifying the voters in question.
However, 395 additional ballots were MYSTERIOUSLY added in King County. The machine recount processed 336 more ballots than the original count. Yes BALLOTS, not VOTES — we aren’t talking about “finding” votes that weren’t previously counted on exisiting ballots, but finding entirely new ballots. And there were 59 more additional ballots on the manual recount — in addition to the 566 previously misprocessed ballots.
Since we’re having a code discussion, I’ll talk briefly about code.
Open Source is nice. I like open source, I use open source.
Open Source is not magic though. Goldy points out that his Mac is based on the Open Source Mach kernel. The Darwin user interface and applications suite (and the user interface and apps layer, not the kernel, is the vector for most viral infections) are closed-source. I will be doing day trips to the moon before Apple opens up Darwin or Safari for inspection.
UNIX/Linux/Mach is generally more secure in operation than Windows. This has a lot to do with how these systems are operated and administered than the inherent system design.
Most UN*X users have a limited privlege account that does not grant access to system files nor grant permission to install software. When a UN*X user wishes to change the system configuration and/or install software, she or he does a temporary privilege escalation to install the software. Once the install is completed, the user goes back to using a limited privlege account. This entire escalation/install/de-escalate mechanism is largely transparent to the user and takes less than 20 seconds.
Windows has all of the same mechanisms available, but the privlege escalation mechanism is broken. Because Windows is centered around the desktop metaphor, a user with a limited account must log out completely, log in as a privleged account, install the software, log out completely, then log in again as a limited privlege user to actually use the software that was just installed. This mechanism of logging out, logging in, installing, etc. takes somewhere around five minutes or more, depending on your machine configuration, etc.
Needless to say, most users, even competent ones (a rare breed), get frustrated about the second or third time they have to run through this rigamarole, and run 100% of the time as a privleged account. At that point, the strongest possible security against viruses and infections, namely permissions enforced at the operating system level, have been disabled. At that point, you pretty much deserve whatever is coming your way.
Why on earth did I put you through this and what does it have to do with voting? It’s a warm-up. If that reasonably non-technical discussion of privlege escalation was tough to follow, you should probably exit right now, because we are going straight down the rabbit hole.
Normally, when we say “open source”, this refers to a licensing agreement that gives end users of the software the ability to modify and pass on the software modified as they see fit. This is NOT what is needed for better voting software. What is needed is something that Diebold has been very reluctant to provide, namely outside review of their code and/or access to the source code for their customers. CAIN code (more on this terminology in a second) is notoriously difficult to understand. I am reluctant to say that someone without extensive training in mathematics and cryptography could make sense of it or meaningfully critque it. It COULD happen. My friends and I COULD also have a really good day and whip the Seahawks in a friendly scrimmage.
At issue is what is frequently called a “paper trail” by the media and is referred to by security professionals as CAIN. This stands for Confidientiality (the system will not divulge data to non-privleged users or applications), Authenticity (the data that was entered is the data recorded), Integrity (the data that is stored cannot be changed or destroyed by a third party after the fact) and Non-repudiation (when data has been entered, an audit trail exists that ties the change back to it’s source, and the source cannot deny changing the data).
There are solutions for all these issues. Not all of them necessarily involve paper (although paper provides a certain level of comfort for non-technical users). The financial industry uses this technology extensively to track billions of transactions per day, while at the same time making sure that human beings involved in the pipeline cannot falsify transactions nor divert legitimately transferred funds.
CAIN is frequently provided by various forms of public-key crypography. This involves creating a key (think of a password, but it’s not really a password), that is composed of a combination of two or more large numbers. A frequent candidate for numeric components are large prime numbers. The theory is that multiplying large primes (i.e., you have all the parts to the key) is simple. Taking a product of multiple primes and factoring it (i.e. guessing what the numbers are that make up the key) is computationally impossible for primes greater than a certain size.
Usually these are pairs of primes, where the sender has the product of both primes for the recipient’s key, and with this can perform a one-way encryption function to prevent intermediary disclosure. At the same time, the data can be “signed” with a hash, so that a recipient (in posession of the sender’s key), can verify on decryption that the message was not tampered with in transit and was indeed sent by the owner of the key.
In some cases, keys are created with several primes so that three or more parties must collaborate in order for a message to be sent or authenticated.
The most common implementation of public key authentication and encyrption systems is done by RSA, Inc. However, the algorithms that make this possible are well-documented and publicized, and public implemenations have been done. One of the best known is PGP, written by Phil Zimmerman many years ago.
If lots of blood is running to your head now, I’ll go back to English.
The core of the issues with Diebold’s machines is that no CAIN mechanisms exist. Votes go in, votes are tallied, results are dumped to a tabulator. The vote tallies are like a cigar box full of money. No controls exist on the integrity of the data other than the presumed benevolence of the people handling the systems. If $20 falls out, or 20 votes get slipped in, how is anybody supposed to know?
jsa
your last paragraph described our stupid voter intent system as it is; 1/12 of all votes doctored
righton @ 80:
… and the other fifteen paragraphs were as clear as Chinese I presume. ;-)
The canvassing boards are basically a personnel issue, something that is way outside of my core compentcy. If you believe the boards are inherently corrupt and subject to chicanery, then the voter intent system is of course subject to fraud. However, if you are working under that assumption, there is NO technical solution that can get around that premise. Technical controls protect agaist corrupt individuals working in a system of basically honest people. Once doubt is cast on the organization as a whole, you’re screwed. Make of that what you will.
wonderful description of the problem and what needs to be done, JSA.
I applaud you!
Comment by Larry the Urbanite— 12/14/05 @ 1:50 pm
“Open source allows the average person to get an independent analyis of the code from a trusted news outlet, whether that’s his national party, newspaper, activist organization, etc.”
Open source software may add some value, but it’s nominal. I’d be more confident in a third party reviewing the paper ballots, and associated audit trail, than code reviewing the software that counts the votes for security holes. Take the difference between Florida in 2000 and Ohio in 2004. After the 2000 election several media outlets hired someone to count the ballots, and were able to present their results to the public. While I don’t believe there was fraud in Ohio in 2004, there’s no way to go back and manually verify the votes since they are electronic. If the Diebold machines in Ohio used open source software instead of proprietary software there would still be no way for an indpendent third party to go through and recount the votes.
Comment by jsa on beacon hill— 12/14/05 @ 2:40 pm
“Open Source is not magic though.”
Well said.
Comment by N in Seattle— 12/14/05 @ 2:06 pm
“As best I can tell, Roger hasn’t commented on this thread.
Roger or me, though, it’s still a shock to see you on the same side.”
Roger posted on this topic on another thread. I’m not sure why you are shocked, just because I’m a conservative doesn’t mean that I’m not for transparent elections.
c1st,(imho) while very conservative (well, duh look at the name!), isn’t a prr/cynical/xmasghost/puddy troll.
He might be doctorinaire and unwilling to listen, but he actually has real opinions too :p
righton @ 80:
Your issue is an organizational one. Technical controls can protect against dishonest people in an essentially honest organization. If you do not believe the organization itself is honest, there are no technical controls that will protect against that.
jsa, I mostly agree with you save one part. If the software you are talking about existed and was open source, we would all be able to open up the “rob-georgia.zip” patch that got applied to the georgia machines and find out what was there. I think you and I at least and probably a lot of folks on this board would be able to understand it enough to follow what the patch is doing and I suspect most folks have a ‘pet tech’ that could also do the same.
Ultimately, I think that its not just about having some unnamed officials being able to audit the software and patches, open source would allow enough folks to be able to do so and there would not be a question of what these patches do. Further when holes get found everybody and their brother would know about it, the holes would get plugged much faster than Diebold seems willing to do it.
I mean thats a big part of why most admins prefer *nix to windows for production machines still (other than the MCSE ones who only know the windows servers), its not about the stability anymore, its the fact that security holes in an open source products are normally patched just a couple of days after the hole is found, windows patches on the second tuesday of each month.
Geez, I might end up voting for Senator Windfall. Did you see the thing in today’s Times that she lead the effort to renew the sales tax deduction. Article says “This is not a tax cut; it is tax relief for U.S. citizens who have been paying more than a fair share.”
Wow. So Senator Windfall agrees I’ve been paying more than my fair share. Thanks to her, I’ll be able to write off the sales tax I paid on my new luxury SUV.
… as if MTR can afford a luxury SUV. He can’t even afford to pay off his gambling losses!
bill @ 85:
Well, yes and no.
Audit controls are much more important than opening the source.
Let’s suppose I had a friendly, Linux-based voting system with open source code. Let’s also suppose I had root access on that system.
On the night of 1 Nov, I can log into that system, reset the system clock to the last legitimate patch date, insert a private version of my code (with rob-georgia.zip already installed), restart the appropriate daemons, and let things go on their merry way.
I’ll set the clock to real time, scrub the /var/adm/wtmp and system logs on the way out.
At midnight on 3 Nov, once the votes have been tallied, I will again, reset the clock back to the last authorized patch date, install the original code packages, restart the daemons, set the clock back to real time, scrub the logs, tip my hat, and say good night.
A very good, and very careful forensics person MIGHT be able to find traces of my activities, but probably not. You’d essentially have to tear the system apart on a sector level assuming there had been fraud without much visible proof of fraud at a first or second glance.
A good auditing system will indelibly log all operator access to the machine on a trusted system, will cross-check all transactions made on the machine, and most importantly, will not permit unlimited root access on the system to Jesus Christ Himself. (Real Security People do not consider most Unicies to be secure for exactly this reason, although several vendors have produced C2 and B1/B2 versions of UN*X to address these issues).
It’s a complicated process. If all there was to making secure systems was opening the source code, I’d be out of a job and would be flipping burgers, selling life insurance, or something awful like that.
@54:
Do the words “dismissed with prejudice” mean anything to you?
jsa
I trust them at Soccer practice, at church, but not in their partisan role as elections helpers of the dems. Its partisan, not objective.
righton @ 89:
Listen, I’m sorry you feel that way, but I repeat, if you feel the organization is corrupt from top to bottom, there is no control that will help that.
I have no reason to believe the canvassing boards are corrupt. This is not Louisiana. This is not Mississippi. Hell, this isn’t even Texas. Most of these organizations are split 50-50, half Republicans, half Democrats.
I will add that attacking the organization (regardless of whether it is a “Republican” organization or a “Democratic” one) is usually little more than a smokescreen for partisan swipes. If a mechanism is broken (i.e. no CAIN in the voting machines), you fix the mechanism.
When the organization is being attacked, it usually means that someone isn’t happy with the results of that organization, and wants it replaced with one that is more favorable to its cause.
ergo the “Liberal” media. The “corrupt” King County Department of Elections. The “elites” of academia and so on.
I have heard that some lefties howl and scream at organizations too. They’re usually way out there, and need to cut back on their hemp consumption, or something.
(e.g. the “evil” WTO, the “imperialist” World Bank, etc.)
Since I’m on a work kick right now, I’ll add a political lesson that comes directly from being an integrator.
NEVER DESTROY ANY SYSTEM UNLESS YOU HAVE A WORKING REPLACEMENT.
If I went into a client, and said “That payroll system is a piece of shit. I’ll junk it. At some point, someone will put something in its place. Good luck getting paid in the mean time guys!”, I would have my walking papers before lunchtime. Worse, because I just trashed the payroll system, I wouldn’t even get my last week’s check.
Unfortunately, in the political world, smashing broken institutions without replacing them (or saying “let the magic of the market step in”, which is the same thing), seems to be par for the course.
You can’t get a job at a real tech company doing that. Why is it considered a legitimate part of the political discourse?
jsa
you must not understand the rich history of partisan politics under the guise of good govt/bureaucracy…
redistricting is partisan based
patronage was a big deal (mostly gone now)
cabinet seats go to the party in power, reflect their bias
ambassadors partisan, though they act mostly non partisan
Controlling the elections dept is like controlling the courts, the redistricting, the public media.
I strongly doubt Logan gets a dime extra for bending the rules (so not financially corrupt)…but he and his crew (and Dem sponsors) intentionally mark up 1/12 of all ballots, never check on dwarf voters, dead, etc…then yeah, they are politically in synch w/ the party.
And yeah the media is biased. Fox leans right of course, but nbc/cbs/abc all have a liberal bias.
righton
redistricting in Washington state is done by a commission of two Republicans and two Democrats. They are appointed by the majority and minority caucuses of the House.
http://www.redistricting.wa.gov/
Perhaps you are thinking of Texas?
I understand political chicanery is a bipartisan activity. There just isn’t very much of it going on here no matter how much you want to claim to the contrary.
It’s frustrating to keep losing elections, I know. My only suggestion is to move 600,000 Republicans over to Eastern Washington and try again. Just don’t crowd them together into a city like we do here. When you do that, they start seeing a need for social services and infrastructure. At that point, they usually start voting Democratic.
jsa; i didn’t know the Wa state specifics. But broadly, american history is littered, famous for this being part of the democratic process.
party in power picks the borders.
If you want far more notorious redistricting than texas, go to S. Calif (santa monica area), and/or Interstate district created in N. Carolina. I’ll bet 1000 examples or far more over american history.
Arguably its not all bad; that is, part of democracy.
Apparently, the guy from Finland put in a memory card with -5 in the counter for NO and +5 in the counter for YES. The “zero report” onboard the machine passed, so it must add the accumulators and if the result is zero, everything is fine.
If there were 5 or more NO votes cast on that machine, I don’t see how any software on the central tabulator could detect this hack.
With all the concern about partisan elections workers, it is amazing to me that the righties aren’t screaming about all those Democratic poll inspectors with the voting machines in their homes from Sunday to Tuesday.
I guess they know a good opportunity when they see one ;^)
It doesn’t seem to me that it would be hard to fix this problem in the voting machine’s firmware. Just goes to show that the coverup is always worse than the, in this case, screw-up.
Or is it a screw-up?
Richard Pope @ 78
Maybe the Republicans applied the Diebold hack in 2004.
In my business we use outside software but we get access to source code either by buying it or signing a non disclosure agreement. I see no reason the governement can’t do what other large businesses like Boeing do.
drool: I think the problem is diebold won’t release it, no matter what. You can’t buy their source if theyr’e not selling, and all the NDAs in the world won’t help you, if they wont’ release it…
Comment by windie— 12/14/05 @ 3:14 pm
“He might be doctorinaire and unwilling to listen, but he actually has real opinions too”
I guess that’s a compliment. So thanks.
I may be attached to conservative views but that doesn’t my views impractical. (I assume you mean doctrinaire, and I did have to look it up).
sorry, just being silly
talking to you is a relief really. You actually want to DISCUSS things. For which I thank you ;)